Lakeland confirms security breach

Lakeland has today notified customers of a suspected security breach it says took place late Friday.

It has discovered hackers were able to access to two encrypted databases through a sophisticated cyber attack using a recently identified Java software flaw it said affected the web servers running its e-commerce website.

While it also said no data appears to have been stolen, it has taken the precaution of deleting all customer passwords from the site and is inviting customers to reset them the next time they visit Lakeland online. And it warned against using the same or similar passwords across multiple sites and services.

Sam Rayner, Lakeland managing director, was apologetic in an email sent to customers today: "We deeply regret that this has occurred and apologise for the inconvenience caused."

Sophisticated and sustained attack

The email continued: "Late on Friday July 19th we discovered that the Lakeland website was being attacked by hackers in a sophisticated and sustained attack. Immediate action was taken to block the attack, repair the system and to investigate the damage done and this investigation continues."

However it apparently took the next four days for the retailer to discover details of the breach and inform customers, as the email added: "Today it has become clear that two encrypted databases were accessed, though we’ve not been able to find any evidence that the data has been stolen."

Dodi Glenn, director of security content management at ThreatTrack Security Labs, commented in a blog post that it was common practice to purge passwords in the event someone suspects a compromise of their database.

Taking right course of action

"While customers may be alarmed as is natural in these circumstances, Lakeland should work with the authorities to identify what information was leaked," Glenn said. "Customers should have the right to know if their credit card numbers were stolen. Lakeland and others should take note that being proactive instead of reactive is the best approach, because brand reputation is priceless."

In a statement sent to Retail Technology, a Lakeland spokesperson said: "We have stringent security procedures in place to protect our customer data and the security and privacy of our customers remains the highest priority to us. We are always open and honest with our customers and, though we do not know for sure that data has been stolen, we are being proactive and advising that as a precaution customers change their passwords.”